top of page

ESPOIR

Privacy Policy

1. Controller

Espoir - Verein zur Unterstützung hilfsbedürftiger Kinder und Förderung junger Frauen
Address: Römerweg 61, 6370 Kitzbühel
Email: info@espoir.at
Website: https://www.espoir.at

Espoir Association (“we,” “us,” or “our”) is responsible for processing personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

2. Personal Data We Collect

We collect and process personal data only as necessary to operate our website and online services.
This includes:

  • Contact Data: name, email address, phone number (via contact or donation forms)

  • Order Data: billing and shipping address, payment details, products purchased

  • Donation Data: donor name, amount, payment method, and purpose of donation

  • Technical Data: IP address, browser type, operating system, date/time of access

  • Newsletter Data: name, email address (only if subscribed)

  • Cookies and Tracking Data: see our Cookie Policy for details

3. Purposes and Legal Bases

We process personal data only to the extent necessary for specific, legitimate purposes in accordance with Article 6 of the GDPR:

  • To process and deliver online shop orders, data is processed for the performance of a contract (Art. 6(1)(b) GDPR).

  • To manage donations and issue receipts, processing is based on legal obligations and our legitimate interests in transparent record-keeping (Art. 6(1)(c) and (f) GDPR).

  • To respond to contact or support requests, data is processed either with your consent or based on our legitimate interest in responding to inquiries (Art. 6(1)(a) and (f) GDPR).

  • To send newsletters and updates, we process your data only with your explicit consent (Art. 6(1)(a) GDPR).

  • To maintain website security, analyze usage, and optimize performance, processing is based on our legitimate interest in ensuring stable and efficient operation (Art. 6(1)(f) GDPR).

  • To comply with accounting, tax, and other legal requirements, processing is necessary to fulfill legal obligations (Art. 6(1)(c) GDPR).

4. Processors and Third-Party Services

We rely on trusted service providers under data processing agreements (Art. 28 GDPR):

  • Wix.com Ltd. (hosting, website platform) – Tel Aviv, Israel
    Israel has an EU adequacy decision under Art. 45 GDPR.

  • Stripe / PayPal (payment processing)

  • Google LLC (analytics, fonts; if enabled) – transfers safeguarded by EU Standard Contractual Clauses

  • Newsletter provider (e.g., Mailchimp, to be implemented)
    All processors are contractually bound to process data securely and solely on our behalf.

5. Cookies

We use essential cookies for website functionality and optional cookies for analytics or marketing.
Non-essential cookies are only activated after your explicit consent via the cookie banner.
You can withdraw consent at any time by changing cookie settings in your browser or via our Cookie Policy.

6. Data Transfers Outside the EU/EEA

Where data is transferred to countries without an adequacy decision (e.g., the USA), such transfer occurs under EU Standard Contractual Clauses (Art. 46 GDPR) to ensure equivalent protection.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal obligations.

Contact inquiries are stored for up to twelve months after the matter has been resolved.
Order and donation records are kept for seven years in accordance with Austrian tax and accounting regulations.
Newsletter subscription data is stored until you withdraw your consent.
Technical data such as server logs are retained for up to twelve months for security monitoring and troubleshooting purposes.

After these periods, the data is securely deleted or anonymized.

8. Your Rights as a Data Subject

You have the right to:

  • Access your personal data (Art. 15 GDPR)

  • Rectify inaccurate data (Art. 16)

  • Request erasure (“right to be forgotten,” Art. 17)

  • Restrict processing (Art. 18)

  • Object to processing (Art. 21)

  • Withdraw consent at any time (Art. 7(3))

  • Data portability (Art. 20)

Requests may be sent to info@espoir.at.
If you believe your data is processed unlawfully, you may file a complaint with the Austrian Data Protection Authority (DSB).

9. Security Measures

We use SSL/TLS encryption, secure server infrastructure (Wix), access-restricted systems, and regular backups to protect your data against loss, alteration, and unauthorized access.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in legal or operational requirements.
The latest version will always be available at www.espoir.at/privacy-policy.

bottom of page